package com.dongwu.security.utils;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;

import com.dongwu.common.utils.Collections3;
import com.dongwu.common.utils.SpringUtils;
import com.dongwu.common.utils.UserUtils;
import com.dongwu.config.DataPermissionConfiguration;
import com.dongwu.security.model.SecurityUser;



/**
 * 权限校验实用类
 * @author zhanghui
 */
public class SecurityUtils {

	private static Logger logger = LoggerFactory.getLogger(SecurityUtils.class);
	
	/**
	 * 校验权限，满足其中一个
	 * @param roleNameStr ROLE_AA,ROLE_BB,ROLE_CC
	 * @return
	 */
	public static boolean hasRole(String roleNameStr) {
		if (StringUtils.isEmpty(roleNameStr)) {
			return true;
		}
		
		SecurityUser securityUser = UserUtils.getUser();
		
		if (logger.isDebugEnabled()) {
			logger.info("权限校验，用户{}，所需权限{}", securityUser.toString(), roleNameStr);
		}
		String[] roleNames = roleNameStr.split(",");
		for(String roleName : roleNames) {
			Collection<? extends GrantedAuthority> authorities = securityUser.getAuthorities();
			for (Iterator<?> iterator = authorities.iterator(); iterator.hasNext();) {
				GrantedAuthority grantedAuthority = (GrantedAuthority) iterator.next();
				if (roleName.equals(grantedAuthority.getAuthority())) {
					return true;
				}
			}
		}
		return false;
	}

	/**
	 * 判断当前用户是否需要校验数据权限
	 * @return
	 */
	public static boolean needCheckDataPermission() {
		SecurityUser securityUser = UserUtils.getUser();
		// 未配置数据权限
		if(Collections3.isEmpty(securityUser.getDataPermissions())) {
			return false;
		}
		// 选择了全国
		if (securityUser.getDataPermissions().contains(getAllShopid())) {
			return false;
		}
		return true;
	}
	
	/**
	 * 根据Entity和用户判断是否需要过滤数据权限
	 * @param entity
	 * @return
	 */
	public static boolean needCheckDataPermission(Class entity) {
		DataPermissionConfiguration dataPermissionConfiguration = SpringUtils.getBean(DataPermissionConfiguration.class);
		if (dataPermissionConfiguration.isInWhiteList(entity)) {
			return false;
		}
		
		return needCheckDataPermission();
	}

	/**
	 * 获取用户数据权限校验字符串
	 * @return
	 */
	public static String getDataPermissionStr() {
		SecurityUser securityUser = UserUtils.getUser();
		return securityUser.getDataPermissionStr();
	}
	
	/**
	 * 获取用户数据权限校验字符串
	 * @return
	 */
	public static List<String> getDataPermissions() {
		SecurityUser securityUser = UserUtils.getUser();
		return securityUser.getDataPermissions();
	}
	
	/**
	 * 根据entity class获取数据权限校验字段名
	 * @param entity
	 * @return
	 */
	public static String getDataPermissionCheckField(Class entity) {
		DataPermissionConfiguration dataPermissionConfiguration = SpringUtils.getBean(DataPermissionConfiguration.class);
		return dataPermissionConfiguration.getCheckField(entity);
	}
	
	public static String getAllShopid() {
		DataPermissionConfiguration dataPermissionConfiguration = SpringUtils.getBean(DataPermissionConfiguration.class);
		return dataPermissionConfiguration.getAllShopid();
	}
	
	public static Integer getAreaIdCheckLength() {
		DataPermissionConfiguration dataPermissionConfiguration = SpringUtils.getBean(DataPermissionConfiguration.class);
		return dataPermissionConfiguration.getAreaIdCheckLength();
	}

	public static String getDefaultUserPassword() {
		DataPermissionConfiguration dataPermissionConfiguration = SpringUtils.getBean(DataPermissionConfiguration.class);
		return dataPermissionConfiguration.getDefaultUserPassword();
	}
}
